Healthcare Security And Compliance: The Good, The Bad And The Ugly


Forbes, 19-05-2025

Ben Tercha is COO at Omega Systems, an award-winning managed IT services provider (MSP) and managed security service provider (MSSP).
Perhaps tasked with meeting more stringent cybersecurity and compliance demands than any other industry, the healthcare sector faces a myriad of complex challenges. While there are bright spots to applaud, there's also continued progress yet to be made—and in some cases, potential danger zones to beware of.
Let's break down some of the good, the bad and the ugly hallmarks of governance, risk and compliance (GRC) in the healthcare industry today.
It's not all doom and gloom. Today's healthcare organizations are more equipped than ever before to face an increasingly dangerous threat landscape, thanks in part to rigorous regulatory demands, innovative technology capabilities and more general awareness of potential security threats.
HIPAA compliance standards continue to evolve, with new proposals for increased data protection introduced as recently as a few months ago. If enacted, these stricter security measures will help fortify the industry and ensure a continued focus on patients' rights as well as data transparency and privacy. Under the proposed rule, new requirements would include:
• Security controls such as multi-factor authentication (MFA), network segmentation and data encryption while at rest and in transit;
• Written procedures for restoring lost data and protected health information (PHI) within 72 hours; and
• Annual completion of a HIPAA compliance audit.
Technology innovations, like AI-powered threat detection, advanced endpoint security tools and behavioral analytics, are improving cybersecurity defense strategies and giving healthcare companies more ammo to fight sophisticated threats.
More healthcare providers are taking action to assess third-party risks than ever before, performing at least basic vendor due diligence and asking providers to validate data privacy and security controls at a high level.
Despite some progress, many healthcare organizations still struggle with navigating an increasingly complex cybersecurity and compliance landscape.
While many healthcare entities meet HIPAA's basic compliance standards for data privacy, most still lack a robust, proactive risk management strategy that includes multi-layered security protections across the perimeter, network and endpoints.
Too few organizations are implementing what I consider "must-have" security controls for the healthcare industry today: MFA, endpoint detection and response, and data encryption, for example. These tools are both powerful and cost-effective, and yet we still see companies sidestep adoption too easily.
Furthermore, a vast number of companies in the healthcare industry appear reticent to utilize outsourced providers such as MSPs/MSSPs for deeper IT and security expertise. This hesitation can lead to over-burdened internal teams and can hinder organizational productivity, innovation and scalability in the long run.
Most healthcare companies don't have the tools or expertise to understand where PHI resides and how it moves within their IT environments, not to mention the value of that data! It's often stored in multiple, unsecured locations, and cloud applications and other data sources often lack deeper connectivity and integration—all of which can lead to increased breach potential.
Human error remains one of the biggest dangers for businesses across all industries. For healthcare companies, a lack of consistent security awareness training and real-time education will continue to increase potential risks.
Believe it or not, there are even bigger security concerns for the healthcare industry today, and without a concerted effort to address growing risks, companies—and their patients—will suffer.
Hackers view healthcare organizations (including hospitals, insurance carriers and even smaller medical practices) as "low-hanging fruit." They frequently take advantage of outdated infrastructure, unpatched systems/applications and untrained employees to execute sophisticated phishing scams and zero-day attacks against the healthcare sector that lead to operational disruptions and financial loss.
Beyond fines, data breaches result in sensitive data exposure, reputational damage, lawsuits and even potential harm to patient care. More than perhaps any other industry, healthcare providers need to take extra care to secure systems and data to ensure they do not end up in the wrong hands.
Healthcare providers face increasing scrutiny from regulators, class-action lawsuits from patients and hefty penalties for non-compliance. As HIPAA considers rolling out additional requirements, it will be incumbent on organizations to evaluate opportunities to fortify their security stack to avoid serious consequences. In fact, there have been calls to remove existing statutory caps on fines, a move that could lead to more significant and immediate non-compliance penalties.
Despite increasing regulatory oversight and a constant stream of attacks in the news, too many healthcare companies are letting cost dictate their security strategy. Of course, most businesses don't have unlimited IT budgets, so it's impossible to adopt every new and shiny security tool on the market. However, there's a fine line between cost control and penny-pinching.
Modern cyber threats demand a modern approach to cybersecurity. In practice, that means healthcare organizations need to align internally on their overall approach to GRC and develop a strategic roadmap that balances both efficiency and risk. Furthermore, relying on reputable IT partners and investing in robust technology solutions have proven to not only extend the effectiveness of internal resources but also aid the security and compliance process in a meaningful way.
Organizations that avoid or delay security investments will likely end up spending more working on breach recovery, non-compliance fines and reputational damage. Considering the options of a five-dollar-per-user MFA solution versus hundreds of hours of incident response and the exponential cost to your organization and its patients, I know what I would choose.
